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ABSTRACT 

Cloud  computing  security  or  simply  cloud  security 
refers  to  a  broad  set  of  policies,  technologies  and 
controls  deployed  to  protect  data  application  and  the 
associated  infrastructure  of  cloud  computing.  The  aim 
of  this  work  was  to  address  and  minimize  the  problem 
of  unauthorized  access  to  information  and 
applications  on  the  cloud  with  the  use  of  verification 
code,  this  project  is  targeted  towards  protecting  user’s 
privacy  and  also  preserving  the  integrity  of  their 
information  and  also  the  integrity  of  the  Cloud 
Environment.  The  work  was  accomplished  with  the 
creation  of  user  registration  phase,  user  login  and 
authentication  phase  and  password  change  and 
verification  code  change  phase,  this  was 
accomplished  with  the  use  of  certain  tools  such  as 
PHP,  JQuery,  MySQL  Database,  Ajax,  HTML5  and 
CSS.  A  system  using  an  integrated  development 
environment  was  developed  and  security  was  installed 
in  the  system  using  htdocs  and  htaccess  which  helps 
to  prevent  against  IP  address  filtering,  URL  address 
switching  and  removes  the  channel  of  SQL  injection. 

Keywords:  Cloud  Computing,  Security,  Verification 
Code,  Cloud  Resources,  Integrity 
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1.  INTRODUCTION 

The  term  “cloud”  is  used  as  a  representation  of  the 
internet  and  other  communications  system  as  well  as 
an  abstraction  of  the  underlying  infrastructures 
involved.  What  we  now  refer  to  as  cloud  computing  is 
the  result  of  an  evolution  of  the  widespread  adoption 
of  virtualization,  service-oriented  architecture, 
autonomic  and  utility  computing.  Details  such  as  the 
location  of  infrastructure  or  component  devices  are 
unknown  to  most  end-users,  who  no  longer  need  to 
thoroughly  understand  or  control  the  technology 
infrastructure  that  supports  their  computing  activities. 
The  brief  evolution  of  cloud  computing  are:  Grid 
Computing,  Utility  Computing,  SaaS  and  Cloud 
computing. 

The  National  institute  of  Standards  and  Technology 
defines  cloud  computing  as  a  model  for  enabling 
convenient,  on-demand  network  access  to  a  shared 
pool  of  configurable  computing  resources  (e.  g 
networks,  servers,  storage,  applications  and  services) 
that  can  be  rapidly  provisioned  and  released  with 
minimal  management  effort  or  service  provider 
interaction  (Mell,  2009).  Cloud  computing  security 
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or  simply  cloud  security  is  an  evolving  sub-domain  of 
computer  security,  network  security  and  more  broadly 
information  security.  It  refers  to  a  broad  set  of 
policies,  technologies  and  controls  deployed  to  protect 
data  application  and  the  associated  infrastructure  of 
cloud  computing.  Most  of  the  time,  cloud  computing 
is  concerned  with  accessing  online  software 
applications,  data  storage  and  processing  power.  In 
the  last  few  years,  cloud  computing  has  grown  from 
being  a  promising  business  concept  to  one  of  the 
fastest  growing  segments  of  the  IT  industry.  However, 
as  more  and  more  information  on  individuals  and 
companies  are  placed  in  the  cloud,  concerns  are 
beginning  to  grow  about  just  how  safe  an  environment 
is  (Kuyoro  et.al,  2011). 

Despite  the  much  attention  given  to  the  cloud, 
customers  are  still  reluctant  to  deploy  their  business  in 
the  cloud  due  to  security  issues.  Cloud  computing  has 
unique  attributes  that  requires  risk  assessment  in  areas 
such  as  data  integrity,  recovery  and  privacy  and  an 
evaluation  of  legal  issues  in  areas  such  as  regulatory 
compliance  and  auditing.  Organizations  use  the  cloud 
in  a  variety  of  different  service  models  (SAAS  - 
Software  as  a  Service,  PAAS-  Platform  as  a  Service 
and  IAAS-  Infrastructure  as  a  Service.)  and 
deployment  models  (Private,  Public  and  Hybrid), 
there  are  a  number  of  security  issues  and  concerns 
associated  with  cloud  computing  and  these  issues  fall 
into  two  broad  categories:  security  issues  faced  by 
cloud  providers  (organizations  providing  SAAS, 
PAAS  or  IAAS  via  the  cloud)  and  security  issues 
faced  by  their  customers  (cloud  users).  Other  major 
security  issues  faced  in  cloud  computing  include 
governance  and  enterprise  risk  management,  local  and 
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electronic  discovery,  portability  and  interoperability, 
application  security  e.  t.  c.  This  project  intends  to  take 
a  look  at  the  major  security  issue  of  application  and 
information  security  and  proffer  a  solution  to  it. 

2.  RELATED  WORKS 

Akshay  et.al,  (2013),  worked  on  FaceRecognition 
System  (FRS)  on  Cloud  Computing  for  User 
Authentication,  in  their  work  theyproposed  the  use  of 
a  biometric  technique  called  “FACE 
RECOGNITION”.Face  recognition  was  based  on  both 
the  shape  and  location  of  the  eyes,  eyebrows,  nose, 
lips,  and  chin  or  on  the  overall  analysis  of  the  face 
image  that  represent  a  face  as  a  number  of  recognized 
faces.  Face  Recognition  System  (FRS)  enables  only 
authorized  users  to  access  data  from  cloud  server,  the 
limitation  of  this  work  is  that  it  will  not  work  in  the 
absence  of  camera  also  face  features  might  become 
different  depending  on  lighting  conditions,  time  of  the 
day 

ALRassan  and  AlShaher  (2013),  worked  on 
Securing  Mobile  Cloud  Using  Finger  print 
authentication  in  their  work  they  proposed  an 
authentication  mechanism  using  fingerprint 
recognition  to  secure  access  in  mobile  cloud.  The 
proposed  solution  was  employed  to  use  a  fingerprint 
recognition  system  to  obtain  the  fingertip  image 
through  the  mobile  phone  camera,  the  aim  was  to 
convert  fingertip  image  obtained  by  mobile  phone 
camera  to  fingerprint  image  and  extract  ridge 
structure  from  it  to  be  as  similar  as  possible  with  the 
ridge  structure  gained  from  fingerprint  sensor.  Of 
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course,  mobile  camera  can't  convert  the  image  to  be 
like  the  output  image  obtained  and  processed  by  using 
fingerprint  sensor,  but  at  least  this  process  aim  to 
export  an  acceptable  output.  The  process  will  be 
achieved  by  the  user  initially,  in  the  enrolment 
presenting  his/her  fingertip  to  the  mobile  phone 
camera  to  obtain  a  fingerprint  sample  and  extracted 
features  by  pre-processing  the  sample. 

Tirthani  and  Ganesan,  (2013),  worked  on  proposed 
a  system  for  removing  security  threats  in  cloud 
architecture  by  using  two  encrypting  techniques  the 
Diffie  Hellmann  Key  Exchange  and  Elliptic  Curve 
Cryptography.  To  deploy  these  two  methods,  they 
proposed  a  new  architecture  which  can  be  used  to 
design  a  cloud  system  for  better  security  and 
reliability  on  the  cloud  servers  at  the  same  time 
maintaining  the  data  integrity  from  user  point  of  view. 

Wazed  et.al  (2012),  worked  on  File  Encryption  and 
Distributed  Server  Based  Cloud  Computing  Security 
Architecture,  they  proposed  a  model  that  uses  the 
following  security  algorithms:  RSA  algorithm  for 
secured  communication,  AES  for  Secured  file 
encryption, MD5  hashing  for  cover  the  tables  from 
user  and  One  time  password  for  authentication.  In  this 
model,  all  the  users  irrespective  of  new  or  existing 
member,  needs  to  pass  through  a  secured  channel 
which  is  connected  to  the  main  system  computer  and 
RSA  encryption  algorithm  was  used  for  making  the 
communication  safe.  In  the  proposed  security  model 
one  time  password  was  used  for  authenticating  the 
user.  The  password  was  also  used  to  keep  the  user 
account  secure  and  secret  from  the  unauthorized  user. 
But  the  user  defined  password  can  be  compromised. 
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To  overcome  this  difficulty  one  time  password  is  used 
in  the  proposed  security  model.The  limitation  of  this 
system  is  that  if  the  user’s  email  is  hacked  then  the 
password  is  revealed. 

3.  METHODOLOGY 

Security  has  become  a  major  issue  and  with  the 
invention  of  new  and  modern  technologies,  more 
security  issues  have  come  up.  Cloud  computing  as  a 
recent  development  also  has  a  lot  of  security  issues 
and  threat  to  be  careful  about.  This  work  looks  at  the 
security  issue  of  unauthorized  access  to  applications 
and  information  on  the  cloud  and  PHP,  Java  scripts 
and  My  SQL  database  are  the  major  tools  that  was 
utilized. 

A.  Creation  of  a  User  Registration  Phase: 

Whenever  a  cloud  user  wants  to  access  cloud 
resources  and  applications,  the  user  has  to  first 
register  on  the  cloud,  the  steps  for  the  registration  are 
as  follows: 

(i)  The  user  provides  his/her  full  name. 

(ii)  The  user  provides  a  valid  email  address,  a 
username  and  password  to  the  authentication 
server 

(iii) Authentication  server  checks  the  email  address 
against  the  availability  of  that  email  address, 
i.e  the  email  address  should  not  match  or 
repeat  with  an  existing  user’s  email  address. 

(iv)  The  user  answers  a  security  question  of  their 
choice  to  serve  as  a  backup  in  case  of  a  future 
security  breach. 

(v)  Once  the  email  address  has  been  checked,  the 
authentication  server  sends  a  unique 
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verification  code  to  the  user’s  email  in  form  of 
a  link  and  which  the  user  has  to  supply  the 
answer  to  the  security  questions  before  the 
code  is  displayed. 

(vi)  Once  the  user  supplies  the  correct 
answers  and  it  has  been  checked  by  the  server 
then  the  verification  code  is  displayed  for  the 
user  to  see. 

(vii)  The  user  can  then  enter  the  verification 
code  during  log  in  for  further  authentication. 

B.  Creation  of  a  User  Login  and  Authentication 
Phase:  Whenever  the  user  wants  to  access 
resources  such  as  applications  and  information  on 
the  cloud,  he/she  has  to  login  onto  the  cloud,  the 
steps  for  login  are  as  follows: 

(i)  User  enters  the  registered  username  and 
password 

(ii)  The  authentication  server  checks  the 
username  and  password  entered  by  the 
user  with  the  one  that  has  been  provided  at 
the  time  of  registration 

(iii)  The  user  is  then  taken  to  another  page  and 
asked  to  enter  the  verification  code  that 
was  sent  to  his/her  mail  for  further 
authentication 

(iv)  The  authentication  server  matches  the 
verification  code  entered  by  the  user  with 
the  one  sent  to  the  user’s  mail. 

(v)  After  the  verification  code  has  been 
matched,  the  user  will  be  authenticated  and 
then  gets  access  to  applications  and 
information 


C.  Creation  of  a  Password  Change  and  Verification 
Code  Change  Phase: 

This  phase  is  created  in  order  to  accommodate  the 
need  for  change  in  password  or  verification  code  of 
the  user  due  to  security  reasons.  This  phase  will  be 
created  as  follows: 

(i)  The  user  provides  his/her  email  address. 

(ii)  The  user  supplies  the  correct  answer  to  the 
security  question  he/she  has  previously 
answered  in  the  registration  phase. 

(iii)  The  authentication  server  checks  the 
supplied  answer  with  the  registered  email 
address  and  answer  supplied  during 
registration. 

(iv)  After  the  email  address  and  supplied 
answer  have  been  matched,  a  new 
password  is  supplied  by  the  user  to  the 
authentication  server. 

(v)  A  new  verification  code  is  generated  and 
sent  to  the  user’s  mail. 

(vi)  The  password  is  updated  successfully. 
Other  tools  utilized  in  the  work  are  PHP,  j  Query, 
My  SQL  Database,  Ajax,  HTML5,  CSS 
(Cascading  Style  Sheet),  MTP  (Simple  Mail 
Transfer  Protocol), 
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3.1  System  Architecture 


Figure3.  2:  User  registration  phase 


Figure  3.3  User  login  and  authentication  phase 


Figure3.4:  Password  change  phase. 
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by  retracting  URL  typographical  errors  to  error  404 


Registration 
proc  ess  with  valid 
details  of  the  liter. 


Generated 
verification  code 
for  authenticating 
user  who  can  login 
to  the  cloud  after 
been  authenticated 


When  security  is 
breached,  a  new 
verification  code 
and  a  new 
password  is  made 
available  for  the 


Breached 

Security 


(not  found). 
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Figure  3.5:  A  use  case  diagram  representing  the 
proposed  system. 

4.  IMPLEMENTATION 

In  order  to  carry  out  the  implementation  of  this  work, 
a  system  using  an  integrated  development 
environment  was  developed.  The  system  works  by 
using  a  verification  code  which  is  a  random  set  of 
numbers  that  is  generated  by  the  system  to 
authenticate  users.  PHP  programming  language 
enhanced  with  other  tools  such  as  Ajax,  htdocs, 
htaccess,  SMTP  server  e.  t.  c  was  used  in  the 
development  of  the  system.  PHP  was  used  in  the 
development  of  the  system  as  a  result  of  the  need  to 
simulate  web  cloud  security  and  security  was  installed 
in  the  development  using  htdocs  and  htaccess  which 
help  to  prevent  against  IP  address  filtering,  URL 
address  switching  and  removes  the  channel  of  SQL 
injection.  Also  the  application  also  provides  security 


Figure  4.1:  About  interface 

This  interface  that  gives  a  brief  introduction  to  users 
on  what  the  application  is  all  about  and  the  services  it 
offers  and  how  to  use  the  application. 


About  111  Contact  Ut  Create  Account  Forgot  Piutnd  Login 


Register  NEW  ACCOUNT 

•  Ncvvul  Mtnuttoa 

• » ntoiMUM  eg  husainiOOS 

•<***»» 

EaulAMrau: 

eg  husam.lopo@gmail.com 


SKtsIty  Qukiu. 

Wlurt  yow  tMngfi  tmt  name? 
utum  to  narty  question: 


Type  (AW: 
Doc  Fit* 


Figure  4.2:  User  registration 
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The  above  figure  shows  the  user  registration  interface 
which  consists  of  the  steps  to  take  and  the  fields  to  fill 
before  becoming  a  registered  user,  after  which  the 
unique  verification  code  of  the  user  is  generated  and 
sent  to  the  registered  user’s  email. 


LOGIN 


The  above  shows  the  interface  for  the  second  level  of 
authentication  that  is  presented  to  the  user  in  which 
the  user  is  to  enter  the  verification  code  that  was  sent 
to  their  registered  email  address. 


e-AppUcatlon 


Cra»E*  *  feMur 


o 


Mtrj  Link* 


o 


Figure  4.3:  First  level  of  authentication 

The  Figure  above  shows  the  interface  for  which 
registered  users  who  want  to  log  in  have  to  enter  their 
user  name  and  personal  password  as  the  first  level  of 
authentication. 


Verification  Code 

Please  check  your  mail  for  the  verification  code  to  proceed 


Figure  4.6:  Upload  page 

The  above  shows  the  upload  interface  which  is  where 
an  authenticated  user  is  taken  to  and  he/she  can  now 
manage  their  stored  information  and  also  add  more 
information  that  they  want  to  upload.  Users  can  log 
out  by  clicking  on  the  image  by  the  right  hand  side. 


About  Us  Contact  Us  Create  Account  Forgot  Password  Log  In 


Forgot  Password 


Welcome  to  our  forgot  password  wizard, 


M  Rights  reserved,  e-Apps.  Designed  byOmotola 


Figure  4.4:  Second  level  of  authentication 


Please  endeavour  that  all  fields  are  filled  before  submission  for  this  wizard  to  be  completed  for  retrieval  of  password 


Figure  4.7:  Password  change  step  1 
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The  above  shows  the  first  step  a  user  has  to  go 
through  before  they  can  change  to  a  new  password  in 
case  of  anything  happening  to  their  previous  password 
which  is  for  the  user  to  enter  their  registered  email 
address. 


The  aboveshows  the  final  step  for  users  who  want  to 
change  their  password  which  is  for  users  to  enter  the 
new  password  they  would  like  to  be  using  and  the 
server  updates  the  user’s  password  after  which  a  new 
verification  code  is  supplied  for  the  user. 


Forgot  Password 


n«  ts  our  fbrgcc  passwwd  we  art, 


Figure  4.8:  Password  change  step  2 

The  above  shows  the  next  step  for  users  who  want  to 
change  their  passwords.  After  the  user  enters  the  right 
email  address  the  user  is  taken  to  this  page  where 
he/she  supplies  the  answer  to  the  security  question 
answered  during  registration  and  the  authentication 
server  validates  the  answer.  If  a  wrong  email  is 
entered  in  step  one  the  user  is  not  going  to  be  taken  to 
step  two. 


Forgot  Password 


Wdcnrnj  to  our  fnrrjcrt  password  mint, 


RECOVERY  WIZARD 


Iteast  endeavour  that  all  fields  are  fillet  before  submission  for  this  wizard  to  be  completed  for  retrieval  of  password 


CONCLUSION 

The  focus  this  work  was  to  implement  an  application 
that  addresses  and  provide  a  possible  solution  to  the 
problem  of  unauthorized  access  to  applications  and 
information  in  the  cloud  environment,  this  was 
achieved  by  implementing  a  well  secured  system 
called  e-apps  for  authenticating  users  and  securing 
files  and  applications  that  are  stored  in  the  cloud.  E- 
apps  provides  a  secure  environment  with  the  use  of  a 
user-id,  user’s  personal  password  and  a  uniquely 
generated  verification  code  that  is  sent  to  the  user’s 
email,  the  verification  code  sent  to  the  user’s  mail  is 
protected  with  the  security  question  answered  during 
registration.  The  implementation  shows  that  this  work 
can  support  any  type  of  file  and  application  and  that  it 
works  when  user  is  connected  to  the  internet.  The 
architecture  and  the  steps  involved  in  the  creation  of 
the  application  has  been  discussed.The  results  are 
promising  and  demonstrates  the  suitability  of  e-apps 
for  addressing  the  problem  of  unauthorized  access  to 
files  and  applications  that  have  been  uploaded  and 
stored  on  the  cloud. 


Figure  4.9:  Password  change  step  3 
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